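#pragma once

#include <stdbool.h> /* bool */
#include <stddef.h>  /* size_t */

/*
 * Encrypt and decrypt session scrollback with a password.
 *
 * File format (binary):
 *   [magic      : 10 bytes "FOOT-ENC1\0"]
 *   [salt       : crypto_pwhash_SALTBYTES (16)]
 *   [nonce      : crypto_aead_xchacha20poly1305_ietf_NPUBBYTES (24)]
 *   [ciphertext : plaintext_len + crypto_aead_xchacha20poly1305_ietf_ABYTES (16)]
 *
 * KDF:  argon2id at INTERACTIVE ops/mem limits (≈100ms on modern hardware).
 * AEAD: XChaCha20-Poly1305 (authenticates the magic+salt+nonce as AAD).
 *
 * Sizes implied by the layout above: the header is 10 + 16 + 24 = 50 bytes
 * and the authentication tag adds 16, so an encrypted blob is
 * plaintext_len + 66 bytes and anything shorter than 66 bytes cannot be
 * a valid file.
 *
 * The layout has no field for the KDF cost parameters, so the ops/mem
 * limits are fixed by the format version named in the magic. Raising them
 * later needs a new magic (or an added field), otherwise existing files
 * can no longer be decrypted.
 *
 * INTERACTIVE is the lightest of libsodium's pwhash presets. The
 * confidentiality of a stored file against offline guessing therefore rests
 * mainly on the strength of the password.
 */

/*
 * One-time initialisation of the crypto layer. Returns true on success.
 *
 * NOTE(review): presumably wraps sodium_init() and has to succeed before
 * the functions below are used; confirm against the implementation.
 * Callers should check the result instead of ignoring it.
 */
bool session_crypto_init(void);

/*
 * Encrypts plaintext with the given password. Allocates and returns a buffer
 * in *out (caller frees); *out_len receives its size. Returns true on success.
 *
 * password       - no length is passed, so presumably a NUL-terminated
 *                  string; verify against the implementation.
 * plaintext      - bytes to encrypt.
 * plaintext_len  - number of bytes at plaintext.
 * out, out_len   - receive the encrypted blob in the file format described
 *                  at the top of this header.
 *
 * What this header leaves open:
 *  - Which deallocator matches *out (free() vs. sodium_free()) is not
 *    stated; TODO confirm before releasing the buffer.
 *  - The state of *out and *out_len after a false return is not specified,
 *    so callers should not read or free them on failure unless the
 *    implementation guarantees a value.
 *  - password and plaintext are const here, so wiping the caller's copies
 *    (e.g. with sodium_memzero()) is left to the caller.
 */
bool session_crypto_encrypt(
    const char *password,
    const unsigned char *plaintext, size_t plaintext_len,
    unsigned char **out, size_t *out_len);

/*
 * Decrypts an encrypted blob (as produced by session_crypto_encrypt) with
 * the given password. Allocates *out (caller frees) on success. Returns
 * false on bad magic, truncated file, or authentication failure (wrong
 * password / corrupted file).
 *
 * password       - no length is passed, so presumably a NUL-terminated
 *                  string; verify against the implementation.
 * blob, blob_len - the complete encrypted file contents.
 * out, out_len   - receive the recovered plaintext and, presumably, its
 *                  size (the original text only mentions *out; confirm).
 *
 * A wrong password and a modified file are reported the same way
 * (authentication failure); the return value cannot tell them apart.
 * On a false return nothing in *out should be treated as plaintext.
 *
 * The recovered scrollback is sensitive: wipe it before releasing the
 * buffer. Which deallocator matches *out is not stated here; TODO confirm.
 */
bool session_crypto_decrypt(
    const char *password,
    const unsigned char *blob, size_t blob_len,
    unsigned char **out, size_t *out_len);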